Use ClickHouse defaults matching out-of-the-box setup

[DZakh]

Changes ClickHouse configuration defaults to match the out-of-the-box ClickHouse setup, eliminating the need for credentials in local development while requiring explicit configuration in production.

Summary

Updates default ClickHouse credentials and database name to use the pre-existing default user (with no password) and default database that come with a fresh ClickHouse installation. This allows envio dev to work without additional setup, while envio start continues to require explicit environment variable configuration.

Key Changes

• CLI defaults (docker_env.rs): Changed ch_password default from "testing" to "" (empty string) and ch_database default from "envio_indexer" to "default"
• Password handling (Env.res): Added readAllowEmpty function to distinguish between unset environment variables (None) and explicitly set empty passwords (Some("")), allowing passwordless ClickHouse users
• Database validation (PgStorage.res): Added ENVIO_CLICKHOUSE_DATABASE to required environment variable validation for envio start, ensuring users explicitly configure the database when not using defaults
• Sink initialization (Sink.res): Clarified that database is not passed to the client constructor; each query qualifies the name explicitly or runs USE first
• E2E tests: Added explicit ENVIO_CLICKHOUSE_DATABASE environment variable to test configurations
• Test expectations: Updated error message to include ENVIO_CLICKHOUSE_DATABASE in the list of required variables

Implementation Details

The distinction between "unset" (None) and "set but empty" (Some("")) for the password is critical: ClickHouse supports passwordless users, so an empty string is a valid credential value that must be preserved and not conflated with an unset environment variable.

https://claude.ai/code/session_017sHyqsHsXQ7D3ZrxP5wcev

Summary by CodeRabbit

• Bug Fixes

  • ClickHouse defaults updated: password defaults to empty and database defaults to "default"
  • Environment reader now distinguishes unset vs explicitly empty ClickHouse password
  • Startup/resume now validate and explicitly use the ClickHouse database value
  • Local teardown improved: network removal force-disconnects attached containers when necessary

• Tests

  • E2E and unit tests updated to set/expect the shared ClickHouse database

• Chores

  • Initialization/resume messages clarified to use "storage" terminology

[coderabbitai]

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

📝 Walkthrough

Walkthrough

Preserves empty-string ClickHouse passwords, requires and validates an explicit ClickHouse database for storage, changes CLI local-dev ClickHouse defaults (password -> "" and database -> "default"), updates tests/E2E to set the database, adjusts binding log/messages wording, and improves Docker network teardown.

Changes

ClickHouse Environment Defaults and Database Validation

Layer / File(s)	Summary
Empty-string password environment reader packages/envio/src/Env.res	A new readAllowEmpty helper in Env.ClickHouse preserves empty-string passwords as Some("") instead of coercing them to None.
Storage and Sink database handling packages/envio/src/PgStorage.res, packages/envio/src/Sink.res	ClickHouse storage initialization now explicitly reads and validates ENVIO_CLICKHOUSE_DATABASE in makeStorageFromEnv and passes the validated database to Sink.makeClickHouse; the ClickHouse client is no longer constructed with a database name.
CLI local-dev defaults and network teardown packages/cli/src/docker_env.rs	CLI local-dev defaults updated: ENVIO_CLICKHOUSE_PASSWORD defaults to "" and ENVIO_CLICKHOUSE_DATABASE defaults to "default"; unit-test helper expectations adjusted; down() now inspects networks on 403, force-disconnects owned endpoints before retrying removal, and converts a persistent 403 into a warning.
E2E and test expectations packages/e2e-tests/src/e2e/e2e.test.ts, scenarios/test_codegen/test/lib_tests/PgStorage_test.res, packages/e2e-tests/src/dependency-tests/install.test.ts	E2E indexer tests and dependency tests now set ENVIO_CLICKHOUSE_DATABASE for indexer runs; test assertion for missing required ClickHouse env vars now includes ENVIO_CLICKHOUSE_DATABASE.
Bindings logging and message wording packages/envio/src/bindings/ClickHouse.res	Log and thrown messages updated to use “ClickHouse storage” wording and clarify database-not-found guidance during resume/initialize flows.

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Possibly related PRs

• enviodev/hyperindex#1115: Modifies ClickHouse Docker/dev environment wiring and propagation of managed ClickHouse credentials into the indexer subprocess.
• enviodev/hyperindex#1110: Changes ClickHouse env parsing and PgStorage.makeStorageFromEnv wiring that this PR builds on.
• enviodev/hyperindex#1056: Related E2E ClickHouse sink integration and test configuration edits affecting the same test paths.

Suggested reviewers

• JonoPrest

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'Use ClickHouse defaults matching out-of-the-box setup' clearly and concisely summarizes the main change: updating ClickHouse defaults to match a fresh installation.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@packages/cli/src/docker_env.rs`:
- Around line 1223-1234: The current loop in inspect that unconditionally calls
docker.disconnect_network for every container_id can disconnect non-Envio
containers; change it to only disconnect endpoints that are provably Envio-owned
or stale: for each container_id from inspect.containers, query the container
metadata (e.g., via docker.inspect_container or equivalent) and check for an
Envio-specific label or name prefix (or other provenance marker your codebase
uses) before creating a NetworkDisconnectRequest and awaiting
disconnect_network; skip and do not force-disconnect any container that lacks
those Envio identifiers and instead leave it attached (optionally log/emit the
existing warning path). Ensure this logic ties into the existing
stop_and_remove() flow so you only target containers you created.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 23dc79c1-c07e-4839-99b4-3c68d38090cf

📥 Commits

Reviewing files that changed from the base of the PR and between 82e4350 and 8241a7b.

📒 Files selected for processing (1)

• packages/cli/src/docker_env.rs